If You Want a VPN to Protect Your Privacy, Start Here

A VPN's not a perfect solution to your privacy problems, but it's a start.

On Tuesday, the House of Representatives voted to reverse regulations that would have stopped internet service providers from selling your web-browsing data without your explicit consent. It's a disappointing setback for anyone who doesn't want big telecoms profiting off of their personal data. So what to do? Try a Virtual Private Network. It won't fix all your privacy problems, but a VPN's a decent start.

In case you're not familiar, a VPN is a private, controlled network that connects you to the internet at large. Your connection with your VPN's server is encrypted, and if you browse the wider internet through this smaller, secure network, it's difficult for anyone to eavesdrop on what you're doing from the outside. VPNs also take your ISP out of the loop on your browsing habits, because the ISP just sees endless logs of you connecting to the VPN server.

There are more aggressive ways of hiding your browsing and more effective ways of achieving anonymity. The most obvious option is to use the Tor anonymous browser. But attempting to use Tor for all browsing and communication is difficult and complicated. It's not impossible, but it's probably not the easy, broad solution you're looking for day to day to protect against an ISP's prying eyes.

Trust Factors

VPNs can shield you from your big bad cable company, but they are also in a position to potentially do all the same things you were worried about in the first place: they can access and track all of your activities and movements online. So for a VPN to be any more private than an ISP, the company that offers the VPN needs to be trustworthy. That's a very tricky thing to confirm.

One solid indicator? Check whether the VPN keeps logs of user activity. Many privacy-focused VPNs are intentionally very up front about their no-log policies, because they want to make it clear to law enforcement groups around the world that even if they are served with a warrant or subpoena, they won't have the ability to produce customer records. It's worthwhile to specifically check a company's Terms of Service to see what it says there about logging and scenarios where it would (or wouldn't) disclose user information.

It's frustrating to acknowledge, but it's crucial to understand that even these gut checks aren't foolproof. A company could misrepresent its logging practices or could accidentally store data without realizing it for longer than it means to. Additionally, research shows that scams are common among VPNs, especially mobile VPNs, and that some services simply don't offer any of the features they say they do.

A simple way to improve your chances of landing on a safe and well-meaning VPN is to pay for one. Free VPNs aren't inherently bad, but all services have to make money somehow. A free trial is one thing, but a totally free service may not have the resources to actually offer the security features it claims. And even if you've done all the research you can and checked the reputation against independent assessments, there can still be flaws in how companies set up and configure their VPN services, which could cause data leaks that are simply beyond your control.

Choices, Choices

These caveats don't make VPNs useless. It's just important to understand that these services aren't a magical solution to all your privacy woes.

"ISPs are companies that we pay for a certain service, and sharing personal information of their clients with third parties is wrong on all levels," says Sergiu Candja, the CEO of CactusVPN, a mid-sized VPN based in Canada which says it does not keep user logs. Candja adds that consumers should feel empowered to vet VPNs by checking their stance on logging, choosing smaller companies that are less likely to be targeted for having access to tons of valuable data, and using a VPN that is based in a different country.

What the VPN world really needs are standardized independent audits. Until those become commonplace, which doesn't seem likely any time soon, your best bet is to stick with reputable names, rather than rushing to the first Google result.

F-Secure Freedome, for instance, received plaudits from independent security researchers for its mobile product recently. A VPN called Private Internet Access is bare-bones, but well-reviewed, and a recent FBI case appeared to confirm its claims that it does not store any user logs.

In truth, there may be no such thing as a “best” VPN. You're simply looking for something with the best chance of working as advertised.

Once you've made your pick, the set-up process is fairly straightforward: You pay for access from the VPN of your choice, create an account, and then download the VPN's portal program onto your computer and mobile devices. After you log in, most VPNs offer different servers you can connect through that are based in different countries. Many also offer features like "kill switches," so that if your internet or VPN connection becomes unstable, the VPN will automatically quit pre-selected programs if they're running. This reduces the chance of data leakage from sensitive programs during periods of funky connection. Once you install your VPN, you can use the IPLeak.net tool to check whether the service is functioning.

There are some more practical downsides to VPN use, aside from general trust issues. Connections can be slower, for one. And after a broad crackdown to prevent users from accessing different countries' content catalogs, Netflix no longer works on most VPNs.

The reason to consider VPNs in light of the House vote about ISPs, though, is that they're fairly easy to keep on for large periods of time. If you're concerned about your ISP's bulk data collection and want to really throw a wrench in their snooping, a VPN you trust will do the trick.